(RADIATOR) Make Radiator working with PPTPD
Chairul Anwar
number_one at attglobal.net
Fri Aug 5 07:21:44 CDT 2005
Hi,
I'm testing it with Redback NAS.
The problem is the client dialed to Redback NAS was disconnected.
I just want to know that the problem does not come from Radiator.
I've read this message in the logfile:
Fri Aug 5 15:55:08 2005: DEBUG: Packet dump:
*** Received from 202.135.6.138 port 1812 ....
Code: Access-Request
Identifier: 16
Authentic: <177><251><164>:L(o<14>r<195>Q<246><26><231>@%
Attributes:
User-Name = "sistelindo at sistelindo.net.id"
User-Password = <151><250><168><194><183><20><151>8d<147><238>0<178><203><250><188>
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Identifier = "Redback"
NAS-Port = 822345872
NAS-Port-Type = Sync
NAS-Port-Id = "3/1 vpi-vci 4 144"
RB-Medium-Type = DSL
Connect-Info = "ubr"
Calling-Station-Id = "#Redback#3/1#4#144"
RB-Platform-Type = "<0><0><0><3>"
Fri Aug 5 15:55:08 2005: DEBUG: Handling request with Handler 'Realm=sistelindo.net.id'
Fri Aug 5 15:55:08 2005: DEBUG: Rewrote user name to sistelindo
Fri Aug 5 15:55:08 2005: DEBUG: Deleting session for sistelindo at sistelindo.net.id, 202.135.6.138, 822345872
Fri Aug 5 15:55:08 2005: DEBUG: Handling with Radius::AuthFILE:
Fri Aug 5 15:55:08 2005: DEBUG: Radius::AuthFILE looks for match with sistelindo
Fri Aug 5 15:55:08 2005: DEBUG: Radius::AuthFILE ACCEPT:
Fri Aug 5 15:55:08 2005: DEBUG: AuthBy FILE result: ACCEPT,
Fri Aug 5 15:55:08 2005: DEBUG: Access accepted for sistelindo
Fri Aug 5 15:55:08 2005: DEBUG: Packet dump:
*** Sending to 202.135.6.138 port 1812 ....
Code: Access-Accept
Identifier: 16
Authentic: <177><251><164>:L(o<14>r<195>Q<246><26><231>@%
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
Sent: Friday, August 05, 2005 12:24 PM
To: Chairul Anwar
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Make Radiator working with PPTPD
Hello Chairul -
I don't understand your question, sorry.
What are you wanting to do with NAS-Port-Id?
Note that all attribute definitions are contained in the Radiator
dictionary.
regards
Hugh
On 5 Aug 2005, at 14:56, Chairul Anwar wrote:
> Hi thank you.
> I will try it.
>
> Where to change NAS-port-id or NAS-port in config?
> In users file or in radius.cfg in client module?
>
> Chairul
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Friday, August 05, 2005 11:46 AM
> To: Chairul Anwar
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Make Radiator working with PPTPD
>
>
> Hello Chairul -
>
> Unfortunately RFC 2548 only defines the Microsoft VSA's up to
> number 33.
>
> You should find out from Microsoft what the definitions are for these
> new VSA's.
>
> When you find the definitions please send us a copy so we can add
> them to the Radiator dictionary.
>
> In the meantime you can add the following to the standard Radiator
> dictionary:
>
> # additional Microsoft VSA's (add after the existing ones)
>
> VENDORATTR 311 MS-Bogus-34 34 string
> VENDORATTR 311 MS-Bogus-35 35 string
>
> The Radiator dictionary is the file called "dictionary" in the main
> distribution directory.
>
> You can add the definitions with any text editor.
>
> regards
>
> Hugh
>
>
> On 5 Aug 2005, at 12:52, Chairul Anwar wrote:
>
>
>> Hi,
>> Yes finally I can get connected.
>> But why this error comes out?
>>
>> Fri Aug 5 09:25:28 2005: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
>>
>>
>> Here's the whole log:
>>
>> Fri Aug 5 09:25:28 2005: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
>> Fri Aug 5 09:25:28 2005: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
>> Fri Aug 5 09:25:28 2005: DEBUG: Packet dump:
>> *** Received from 202.135.145.185 port 3009 ....
>> Code: Access-Request
>> Identifier: 1
>> Authentic: r<247><142><186><208><12>U<153>1<202><188><236><183>><142><195>
>> Attributes:
>> Acct-Session-Id = "32"
>> NAS-IP-Address = 202.135.145.185
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> NAS-Port = 129
>> MS-RAS-Vendor = 311
>> MS-RAS-Version = "MSRASV5.20"
>> NAS-Port-Type = Virtual
>> Tunnel-Type = 0:PPTP
>> Tunnel-Medium-Type = 0:IP
>> Calling-Station-Id = "202.135.5.24"
>> Tunnel-Client-Endpoint = 202.135.5.24
>> User-Name = "sistelindo"
>> MS-CHAP-Challenge = <8><217><162>?u,<13>g1FO<19><150>)<249><150>
>> MS-CHAP2-Response = <0><0><254><219><7>P<168><252><147>w<154>$<250><238>C<155><142>_<0><0><0><0><0><0><0><0><241><20>F<149><220><163>oyx&s?<170><139>l<1><176>I<188><250>Y<255>g<18>
>> Message-Authenticator = <203><227><183><18>2<30><192><28>Q-[c<250>\<13>\
>>
>> Fri Aug 5 09:25:28 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Fri Aug 5 09:25:28 2005: DEBUG: Deleting session for sistelindo, 202.135.145.185, 129
>> Fri Aug 5 09:25:28 2005: DEBUG: Handling with Radius::AuthFILE:
>> Fri Aug 5 09:25:28 2005: DEBUG: Reading users file ./users
>> Fri Aug 5 09:25:28 2005: DEBUG: Radius::AuthFILE looks for match with sistelindo
>> Fri Aug 5 09:25:28 2005: DEBUG: Radius::AuthFILE ACCEPT:
>> Fri Aug 5 09:25:28 2005: DEBUG: AuthBy FILE result: ACCEPT,
>> Fri Aug 5 09:25:28 2005: DEBUG: Access accepted for sistelindo
>> Fri Aug 5 09:25:28 2005: DEBUG: Packet dump:
>> *** Sending to 202.135.145.185 port 3009 ....
>> Code: Access-Accept
>> Identifier: 1
>> Authentic: r<247><142><186><208><12>U<153>1<202><188><236><183>><142><195>
>> Attributes:
>> MS-CHAP2-Success = "<0>S=FFB1C819B95DA7B39C78A71AF76D0DBA1E61B8F3"
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> Framed-IP-Netmask = 255.255.255.255
>> Framed-Routing = None
>> Framed-MTU = 1500
>> Framed-Compression = Van-Jacobson-TCP-IP
>>
>> Fri Aug 5 09:25:30 2005: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
>> Fri Aug 5 09:25:30 2005: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
>> Fri Aug 5 09:25:30 2005: DEBUG: Packet dump:
>> *** Received from 202.135.145.185 port 3010 ....
>> Code: Accounting-Request
>> Identifier: 1
>> Authentic: ~<180><129><230>}}9<22><138><156>$"<24><149><183>x
>> Attributes:
>> Acct-Status-Type = Start
>> Acct-Delay-Time = 0
>> NAS-IP-Address = 202.135.145.185
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> NAS-Port = 129
>> MS-RAS-Vendor = 311
>> MS-RAS-Version = "MSRASV5.20"
>> NAS-Port-Type = Virtual
>> Tunnel-Type = 0:PPTP
>> Tunnel-Medium-Type = 0:IP
>> Calling-Station-Id = "202.135.5.24"
>> Tunnel-Client-Endpoint = 202.135.5.24
>> Acct-Session-Id = "32"
>> User-Name = "sistelindo"
>> Framed-IP-Address = 192.168.1.102
>> Framed-MTU = 1500
>> Acct-Multi-Session-Id = "1"
>> Acct-Link-Count = 1
>> Event-Timestamp = 1123208904
>> Acct-Authentic = RADIUS
>> MS-MPPE-Encryption-Types = 0
>>
>> Fri Aug 5 09:25:30 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>> Fri Aug 5 09:25:30 2005: DEBUG: Adding session for sistelindo, 202.135.145.185, 129
>> Fri Aug 5 09:25:30 2005: DEBUG: Handling with Radius::AuthFILE:
>> Fri Aug 5 09:25:30 2005: DEBUG: AuthBy FILE result: ACCEPT,
>> Fri Aug 5 09:25:30 2005: DEBUG: Accounting accepted
>> Fri Aug 5 09:25:30 2005: DEBUG: Packet dump:
>> *** Sending to 202.135.145.185 port 3010 ....
>> Code: Accounting-Response
>> Identifier: 1
>> Authentic: ~<180><129><230>}}9<22><138><156>$"<24><149><183>x
>> Attributes:
>>
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Thursday, August 04, 2005 2:02 PM
>> To: Chairul Anwar
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Make Radiator working with PPTPD
>>
>>
>> Hello Chairul -
>>
>> Thanks for the additional information - I think you are almost there.
>>
>> As the debug message shows, to process MS-CHAPv2 you must install the
>> Digest-MD4 module (available from CPAN).
>>
>> regards
>>
>> Hugh
>>
>>
>> On 4 Aug 2005, at 16:41, Chairul Anwar wrote:
>>
>>
>>
>>> Hi I've tried the following step:
>>>
>>> 1. configure VPN on my windows 2003 and authenticate using windows authentication.
>>> 2. test dial with VPN client on Windows 2000 using PAP, MS-CHAP and MS-CHAP V2, all of them successfully connected.
>>> 3. configure the VPN to authenticate to Radius using Internet Authentication Service (IAS) on windows 2003 and configure IAS to handle the VPN Server as its client.
>>> 4. test dial using PAP, MS-CHAP and MS-CHAP V2, all of them successfully connected.
>>> 5. configure radiator radius using step by step you've given (except for vpn I'm using windows 2003 instead of pptpd)
>>> 6. running radpwtst successful with simple.cfg
>>> 7. then I add in /etc/radiator/users:
>>> sistelindo User-Password=XXXXXX
>>> Service-Type = Framed-User,
>>> Framed-Protocol = PPP,
>>> Framed-IP-Netmask = 255.255.255.255,
>>> Framed-Routing = None,
>>> Framed-MTU = 1500,
>>> Framed-Compression = Van-Jacobson-TCP-IP
>>> 8. and I also add in /etc/radiator/radius.cfg:
>>> <Client 202.135.145.185>
>>> Secret XXXXXX
>>> DupInterval 0
>>> </Client>
>>> 9. Then I run radiusd as your instructions before.
>>> 10. I run my vpn client and found this error of radiator debug:
>>>
>>> Thu Aug 4 13:27:22 2005: ERR: Attribute number 35 (vendor 311) is not defined in your dictionary
>>> Thu Aug 4 13:27:22 2005: ERR: Attribute number 34 (vendor 311) is not defined in your dictionary
>>> Thu Aug 4 13:27:22 2005: DEBUG: Packet dump:
>>> *** Received from 202.135.145.185 port 3132 ....
>>> Code: Access-Request
>>> Identifier: 5
>>> Authentic: <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
>>> Attributes:
>>> Acct-Session-Id = "34"
>>> NAS-Identifier = "MIKEM"
>>> NAS-IP-Address = 202.135.145.185
>>> Service-Type = Framed-User
>>> Framed-Protocol = PPP
>>> NAS-Port = 129
>>> MS-RAS-Vendor = 311
>>> MS-RAS-Version = "MSRASV5.20"
>>> NAS-Port-Type = Virtual
>>> Tunnel-Type = 0:PPTP
>>> Tunnel-Medium-Type = 0:IP
>>> Calling-Station-Id = "202.135.5.48"
>>> Tunnel-Client-Endpoint = 202.135.5.48
>>> User-Name = "sistelindo"
>>> MS-CHAP-Challenge = <143>wZ"<170><161><177><152><167><7><232><147><244><193>:<207>
>>> MS-CHAP2-Response = <0><0>!I<254><184>PoW<131><16>Q\<212><247><231><138><189><0><0><0><0><0><0><0><0><198><157>F<16>3<178><135><198><134><19>3<220>i<207>W<172><188>k<238><184>(/<228><157>
>>> Message-Authenticator = <155><158>sA<147>I<23>2<21><241><134><227><15><3>@A
>>>
>>> Thu Aug 4 13:27:22 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>> Thu Aug 4 13:27:22 2005: DEBUG: Deleting session for sistelindo, 202.135.145.185, 129
>>> Thu Aug 4 13:27:22 2005: DEBUG: Handling with Radius::AuthFILE:
>>> Thu Aug 4 13:27:22 2005: DEBUG: Reading users file ./users
>>> Thu Aug 4 13:27:22 2005: DEBUG: Radius::AuthFILE looks for match with sistelindo
>>> Thu Aug 4 13:27:22 2005: ERR: Could not load Radius::MSCHAP to handle an MS-CHAP2 request:
>>> Can't locate Digest/MD4.pm in @INC (@INC contains: .
>>> /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5
>>> /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.4/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.3/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.2/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.1/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi
>>> /usr/lib/perl5/site_perl/5.8.5 /usr/lib/perl5/site_perl/5.8.4
>>> /usr/lib/perl5/site_perl/5.8.3 /usr/lib/perl5/site_perl/5.8.2
>>> /usr/lib/perl5/site_perl/5.8.1 /usr/lib/perl5/site_perl/5.8.0
>>> /usr/lib/perl5/site_perl
>>> /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.4/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.2/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.1/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi
>>> /usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/vendor_perl/5.8.4
>>> /usr/lib/perl5/vendor_perl/5.8.3 /usr/lib/perl5/vendor_perl/5.8.2
>>> /usr/lib/perl5/vendor_perl/5.8.1 /usr/lib/perl5/vendor_perl/5.8.0
>>> /usr/lib/perl5/vendor_perl .) at
>>> /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
>>> BEGIN failed--compilation aborted at
>>> /usr/lib/perl5/site_perl/5.8.5/Radius/MSCHAP.pm line 47.
>>> Compilation failed in require at
>>> /usr/lib/perl5/site_perl/5.8.5/Radius/AuthGeneric.pm line 631.
>>>
>>> Thu Aug 4 13:27:22 2005: DEBUG: Radius::AuthFILE REJECT: Bad Password
>>> Thu Aug 4 13:27:22 2005: DEBUG: AuthBy FILE result: REJECT, Bad Password
>>> Thu Aug 4 13:27:22 2005: INFO: Access rejected for sistelindo: Bad Password
>>> Thu Aug 4 13:27:22 2005: DEBUG: Packet dump:
>>> *** Sending to 202.135.145.185 port 3132 ....
>>> Code: Access-Reject
>>> Identifier: 5
>>> Authentic: <244><225>G<176><177><148><194><216><218><250>fv<213><197><<159>
>>> Attributes:
>>> Reply-Message = "Request Denied"
>>>
>>>
>>> Please let me know what happened, and how to solve this....
>>>
>>> Thank you.
>>>
>>>
>>> -----Original Message-----
>>> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
>>> Sent: Friday, July 29, 2005 2:21 PM
>>> To: number_one at attglobal.net
>>> Cc: radiator at open.com.au
>>> Subject: Re: (RADIATOR) Make Radiator working with PPTPD
>>>
>>>
>>> Hello Chairul -
>>>
>>> To get started with radius I suggest you read the RADIUS RFC's
>>> (doc/rfc2865.txt and doc/rfc2866.txt) and then read the Radiator
>>> reference manual (doc/ref.html). Then you can do some simple
>>> experiments with radpwtst (test utility) and goodies/simple.cfg.
>>>
>>> The steps involved for your application are as follows:
>>>
>>> 1. configure PPTP to do RADIUS authentication
>>>
>>> 2. configure PPTP radius to send radius requests to Radiator (IP
>>> address / UDP port number / shared secret)
>>>
>>> 3. configure Radiator starting with "goodies/simple.cfg" (Client
>>> clause to match point 2 above, Realm DEFAULT, AuthBy FILE)
>>>
>>> 4. run Radiator from the command line so you can see what is going on:
>>>
>>> perl radiusd -foreground -log_stdout -trace 4 -config_file .....
>>>
>>> 5. in a separate window run radpwtst to verify correct operation
>>>
>>> 6. then run VPN tests to PPTP
>>>
>>> At all stages check the trace 4 debug from Radiator so you can see
>>> what is happening.
>>>
>>> hope this helps
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>>
>>> On 29 Jul 2005, at 14:42, number_one at attglobal.net wrote:
>>>
>>>
>>>
>>>
>>>> Yes,
>>>> I've tried it but still have problems getting authenticated.
>>>>
>>>> I said that wrong user id and password, but I'm sure I've put the
>>>> right one.
>>>> No documents for newbies on the net about how to configure freeradius
>>>> correctly.
>>>> And I've downloaded radiator manual and cannot find the clues either.
>>>> I'm new in this stuff, and I need step by step guide to make it running.
>>>> Can Radiator provide it?
>>>> It was very easy in configuring windows 2003 VPN to authenticate with
>>>> windows radius (IAS) and also complete guide to make it happen.
>>>> I've done it not more than 1 hour to configure it correctly using step by
>>>> step guide from microsoft webpage.
>>>>
>>>> But it is very hard to make pptpd authenticate through Radiator or any
>>>> linux based radius, because of the lack of documents for newbies like
>>>> me ... :(
>>>>
>>>> Chairul
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database
>>> independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like
>>> systems.
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
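Added example, not part of the original thread and not Radiator code: a small Python parser for the Vendor-Specific attribute layout (RFC 2865 type 26 with RFC 2548 style sub-attributes) that reports vendor attributes a dictionary cannot name, as in the "Attribute number 35 (vendor 311)" errors above, and emits placeholder VENDORATTR lines in the form suggested in the thread. The packet, the two-entry dictionary and all function names are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RFC 2865 attribute type that carries vendor attributes
MICROSOFT = 311        # vendor id shown in the log lines

# Constructed stand-in for a dictionary: (vendor, vendor-type) -> name.
# Numbers and names are from RFC 2548; 34 and 35 are absent, as in the thread.
DICTIONARY = {(MICROSOFT, 9): "MS-RAS-Vendor", (MICROSOFT, 18): "MS-RAS-Version"}

def parse_attributes(packet):
    """Yield (vendor, type, value); vendor is None for standard attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the packet")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value, pos = packet[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC:
            yield None, atype, value
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific attribute without a vendor id")
        vendor, sub = struct.unpack("!I", value[:4])[0], value[4:]
        while sub:  # one VSA may hold several type/length/value sub-attributes
            if len(sub) < 2 or not 2 <= sub[1] <= len(sub):
                raise ValueError("bad vendor sub-attribute length")
            yield vendor, sub[0], sub[2:sub[1]]
            sub = sub[sub[1]:]

def undefined_vendor_attrs(packet, dictionary):
    """Return (vendor, type) pairs, in packet order, the dictionary cannot name."""
    missing = []
    for vendor, atype, _value in parse_attributes(packet):
        key = (vendor, atype)
        if vendor is not None and key not in dictionary and key not in missing:
            missing.append(key)
    return missing

def dictionary_stub(missing):
    """Placeholder definitions in the form suggested in the thread (vendor 311)."""
    return "\n".join(f"VENDORATTR {v} MS-Bogus-{t} {t} string"
                     for v, t in sorted(missing))

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor, vtype, value):
    return attr(VENDOR_SPECIFIC, struct.pack("!I", vendor) + attr(vtype, value))

def sample_request():
    """Constructed Access-Request; the values of 34 and 35 are made-up bytes."""
    attrs = (attr(1, b"sistelindo") + vsa(MICROSOFT, 9, struct.pack("!I", 311))
             + vsa(MICROSOFT, 18, b"MSRASV5.20")
             + vsa(MICROSOFT, 35, b"\x00" * 4) + vsa(MICROSOFT, 34, b"\x00" * 4))
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(dictionary_stub(undefined_vendor_attrs(sample_request(), DICTIONARY)))
```

The "string" type in the generated lines is only a placeholder, as in the thread; the real value types have to come from the vendor's definitions.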